3 Copyright (C) 2013 celeron55, Perttu Ahola <celeron55@gmail.com>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU Lesser General Public License as published by
7 the Free Software Foundation; either version 2.1 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 #include "lua_api/l_internal.h"
21 #include "common/c_converter.h"
22 #include "common/c_content.h"
23 #include "lua_api/l_http.h"
24 #include "httpfetch.h"
33 #define HTTP_API(name) \
34 lua_pushstring(L, #name); \
35 lua_pushcfunction(L, l_http_##name); \
39 void ModApiHttp::read_http_fetch_request(lua_State *L, HTTPFetchRequest &req)
41 luaL_checktype(L, 1, LUA_TTABLE);
43 req.caller = httpfetch_caller_alloc_secure();
44 getstringfield(L, 1, "url", req.url);
45 getstringfield(L, 1, "user_agent", req.useragent);
46 req.multipart = getboolfield_default(L, 1, "multipart", false);
47 if (getintfield(L, 1, "timeout", req.timeout))
50 lua_getfield(L, 1, "method");
51 if (lua_isstring(L, -1)) {
52 std::string mth = getstringfield_default(L, 1, "method", "");
54 req.method = HTTP_GET;
55 else if (mth == "POST")
56 req.method = HTTP_POST;
57 else if (mth == "PUT")
58 req.method = HTTP_PUT;
59 else if (mth == "DELETE")
60 req.method = HTTP_DELETE;
64 // post_data: if table, post form data, otherwise raw data DEPRECATED use data and method instead
65 lua_getfield(L, 1, "post_data");
66 if (lua_isnil(L, 2)) {
68 lua_getfield(L, 1, "data");
71 req.method = HTTP_POST;
74 if (lua_istable(L, 2)) {
76 while (lua_next(L, 2) != 0) {
77 req.fields[readParam<std::string>(L, -2)] = readParam<std::string>(L, -1);
80 } else if (lua_isstring(L, 2)) {
81 req.raw_data = readParam<std::string>(L, 2);
86 lua_getfield(L, 1, "extra_headers");
87 if (lua_istable(L, 2)) {
89 while (lua_next(L, 2) != 0) {
90 req.extra_headers.emplace_back(readParam<std::string>(L, -1));
97 void ModApiHttp::push_http_fetch_result(lua_State *L, HTTPFetchResult &res, bool completed)
100 setboolfield(L, -1, "succeeded", res.succeeded);
101 setboolfield(L, -1, "timeout", res.timeout);
102 setboolfield(L, -1, "completed", completed);
103 setintfield(L, -1, "code", res.response_code);
104 setstringfield(L, -1, "data", res.data);
107 // http_api.fetch_sync(HTTPRequest definition)
108 int ModApiHttp::l_http_fetch_sync(lua_State *L)
110 NO_MAP_LOCK_REQUIRED;
112 HTTPFetchRequest req;
113 read_http_fetch_request(L, req);
115 infostream << "Mod performs HTTP request with URL " << req.url << std::endl;
118 httpfetch_sync(req, res);
120 push_http_fetch_result(L, res, true);
125 // http_api.fetch_async(HTTPRequest definition)
126 int ModApiHttp::l_http_fetch_async(lua_State *L)
128 NO_MAP_LOCK_REQUIRED;
130 HTTPFetchRequest req;
131 read_http_fetch_request(L, req);
133 infostream << "Mod performs HTTP request with URL " << req.url << std::endl;
134 httpfetch_async(req);
136 // Convert handle to hex string since lua can't handle 64-bit integers
137 std::stringstream handle_conversion_stream;
138 handle_conversion_stream << std::hex << req.caller;
139 std::string caller_handle(handle_conversion_stream.str());
141 lua_pushstring(L, caller_handle.c_str());
145 // http_api.fetch_async_get(handle)
146 int ModApiHttp::l_http_fetch_async_get(lua_State *L)
148 NO_MAP_LOCK_REQUIRED;
150 std::string handle_str = luaL_checkstring(L, 1);
152 // Convert hex string back to 64-bit handle
154 std::stringstream handle_conversion_stream;
155 handle_conversion_stream << std::hex << handle_str;
156 handle_conversion_stream >> handle;
159 bool completed = httpfetch_async_get(handle, res);
161 push_http_fetch_result(L, res, completed);
166 int ModApiHttp::l_set_http_api_lua(lua_State *L)
168 NO_MAP_LOCK_REQUIRED;
170 // This is called by builtin to give us a function that will later
171 // populate the http_api table with additional method(s).
172 // We need this because access to the HTTP api is security-relevant and
173 // any mod could just mess with a global variable.
174 luaL_checktype(L, 1, LUA_TFUNCTION);
175 lua_rawseti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_HTTP_API_LUA);
180 int ModApiHttp::l_request_http_api(lua_State *L)
182 NO_MAP_LOCK_REQUIRED;
184 // We have to make sure that this function is being called directly by
185 // a mod, otherwise a malicious mod could override this function and
186 // steal its return value.
189 // Make sure there's only one item below this function on the stack...
190 if (lua_getstack(L, 2, &info)) {
193 FATAL_ERROR_IF(!lua_getstack(L, 1, &info), "lua_getstack() failed");
194 FATAL_ERROR_IF(!lua_getinfo(L, "S", &info), "lua_getinfo() failed");
196 // ...and that that item is the main file scope.
197 if (strcmp(info.what, "main") != 0) {
201 // Mod must be listed in secure.http_mods or secure.trusted_mods
202 lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_CURRENT_MOD_NAME);
203 if (!lua_isstring(L, -1)) {
207 std::string mod_name = readParam<std::string>(L, -1);
208 std::string http_mods = g_settings->get("secure.http_mods");
209 http_mods.erase(std::remove(http_mods.begin(), http_mods.end(), ' '), http_mods.end());
210 std::vector<std::string> mod_list_http = str_split(http_mods, ',');
212 std::string trusted_mods = g_settings->get("secure.trusted_mods");
213 trusted_mods.erase(std::remove(trusted_mods.begin(), trusted_mods.end(), ' '), trusted_mods.end());
214 std::vector<std::string> mod_list_trusted = str_split(trusted_mods, ',');
216 mod_list_http.insert(mod_list_http.end(), mod_list_trusted.begin(), mod_list_trusted.end());
217 if (std::find(mod_list_http.begin(), mod_list_http.end(), mod_name) == mod_list_http.end()) {
222 lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_HTTP_API_LUA);
223 assert(lua_isfunction(L, -1));
226 HTTP_API(fetch_async);
227 HTTP_API(fetch_async_get);
229 // Stack now looks like this:
230 // <function> <table with fetch_async, fetch_async_get>
231 // Now call it to append .fetch(request, callback) to table
237 int ModApiHttp::l_get_http_api(lua_State *L)
239 NO_MAP_LOCK_REQUIRED;
242 HTTP_API(fetch_async);
243 HTTP_API(fetch_async_get);
244 HTTP_API(fetch_sync);
251 void ModApiHttp::Initialize(lua_State *L, int top)
255 bool isMainmenu = false;
257 isMainmenu = ModApiBase::getGuiEngine(L) != nullptr;
261 API_FCT(get_http_api);
263 API_FCT(request_http_api);
264 API_FCT(set_http_api_lua);
270 void ModApiHttp::InitializeAsync(lua_State *L, int top)
273 API_FCT(get_http_api);